2003 matches found
RHCOS 4 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1021 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...
RHCOS : OpenShift Container Platform 4.9.6 (RHSA-2021:4118)
The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4118 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...
RHCOS 4 : OpenShift Container Platform 4.4.3 haproxy (RHSA-2020:1936)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1936 advisory. - haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value CVE-2019-18277 - haprox...
RHCOS 4 : OpenShift Container Platform 4.8.36 (RHSA-2022:1153)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1153 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 Note that Nessus has not tested for this issue but has instead relied only ...
RHCOS 3 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. - haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response allows for memory disclosure CVE-2018-20102 - haproxy: Mishandling of...
RHCOS 3 : OpenShift Container Platform 3.10 haproxy (RHSA-2019:0548)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0548 advisory. - haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash CVE-2018-20615 Note that Nessus has not...
RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1064)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1064 advisory. - 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created CVE-2016-2149 - Privilege...
RHCOS 1 : haproxy (RHSA-2013:1204)
The remote Red Hat Enterprise Linux CoreOS 1 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:1204 advisory. - haproxy: http_get_hdr/get_ip_from_hdr2 MAX_HDR_HISTORY handling denial of service CVE-2013-2175 Note that Nessus has not tested for this issue but...
RHCOS 4 : OpenShift Container Platform 4.11.57 (RHSA-2024:0308)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0308 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...
RHCOS 6 : haproxy (RHSA-2013:0729)
The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0729 advisory. - haproxy: rewrite rules flaw can lead to arbitrary code execution CVE-2013-1912 Note that Nessus has not tested for this issue but has inste...
RHCOS 2 : Red Hat OpenShift Enterprise 2.2.8 (RHSA-2015:2666)
The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2666 advisory. - haproxy: information leak in buffer_slow_realign CVE-2015-3281 Note that Nessus has not tested for this issue but has instead relied only on...
RHCOS 4 : OpenShift Container Platform 4.15.24 (RHSA-2024:4853)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4853 advisory. - haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers CVE-2023-45539 - go-retryablehttp: ur...
RHCOS 4 : OpenShift Container Platform 4.14.36 (RHSA-2024:6412)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6412 advisory. - golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString CVE-2022-23772 - haproxy: untrimm...
Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerability (USN-8208-1)
The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8208-1 advisory. Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this...
USN-8208-1 haproxy vulnerability
Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...
CVE-2026-33077
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
OESA-2026-2086 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...
OESA-2026-2083 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...
openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20618-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20618-1 advisory. Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626. Tenable has...
CVE-2026-33076
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...